openldap-technical July 2012

openldap-technical@openldap.org

69 participants
71 discussions

substitute a schema
by paulo bruck 16 Jul '12

16 Jul '12

Hi Guys I develop a simple schema and now I would like to suibstitute the actual schema for another one with same attributes and objectclass + another attibutes and obcejtclass . See its a superseed of ther previus one... I have already try using : ldapdelete -Y EXTERNAL -H ldapi:/// cn={6}squid,cn=schema,cn=config but received a: ldap_delete: Server is unwilling to perform (53) Doing it by hand it worked ( stoping ldap, substituted cn=squid with new one and restarting ldap), but I know that is not correct... How can I do it using ldapdelete ? best regards

4 3

Re[8]: Searching few domains for one uid
by kefast＠o2.pl 15 Jul '12

15 Jul '12

> --On Friday, July 13, 2012 10:12 AM +0200 kefast(a)o2.pl wrote: >> >>> --On Thursday, July 12, 2012 11:16 AM +0200 kefast(a)o2.pl wrote: >> >> >>>> >>>> I've got 3 databases on a server >>>> dc=a,dc=com >>>> dc=b,dc=com,dc=de >>>> dc=c,dc=com,dc=fr >>>> >>>> When on a client side a pointed BASE "" >>>> the server says: >>>> slapd[13330]: do_search: invalid dn ("") >>>> >>>> Should I reconfigure my database maybe and set dn to "" ? >>>> If yes how should the root dn look like ? >>>> dn: "" >>>> dc: "" >>>> objectClass: top >>>> objectClass: domain >>>> structuralObjectClass: domain >> >>> The easiest thing to do is to create a single database, with a root of >>> "". You don't need to create an entry for "" itself, as it is inherent >>> to the openldap directory server. >> >>> First entry would (in your case) likely be for dn: dc=com >> >>> dn: dc=com >>> objectClass: organization >>> objectClass: dcObject >>> o: com domain >>> dc: com >> >> >>> --Quanah >> >> >>> -- >> >>> Quanah Gibson-Mount >>> Sr. Member of Technical Staff >>> Zimbra, Inc >>> A Division of VMware, Inc. >>> -------------------- >>> Zimbra :: the leader in open source messaging and collaboration >> >> >> But in my case not all of my domains finishs on .com in the end. >> So beside a.com I've got b.com.de and b.com.fr, so in that case I'm >> not sure the root "com" would do, so maybe making root as .corp and then >> a.com.corp, b.com.de.corp, c.com.fr.corp. >> And one more think, is that statement which combines all parts of a >> domain in one dc would be ok ? >> dn="ou=People,dc=b.com.de,dc=corp" >> Would't it spoil something ? > You are missing the point of using "". ;) The point of using "" is that > you can store any and all domains in the same database. > In your case, if you have .de and .fr, then create entries for them too: > dn: dc=com > objectClass: organization > objectClass: dcObject > o: com domain > dc: com > dn: dc=de > objectClass: organization > objectClass: dcObject > o: de domain > dc: de > dn: dc=com, dc=de > objectClass: organization > objectClass: dcObject > o: com.de domain > dc: com > dn: dc=fr > objectClass: organization > objectClass: dcObject > o: fr domain > dc: fr > dn: dc=com, dc=fr > objectClass: organization > objectClass: dcObject > o: com.fr domain > dc: com > etc. > You could even create: > dn: cn=IamWildAndCrazy > objectClass: organizationalRole > description: Insane entry > cn: IamWildAndCrazy > --Quanah > -- > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration Ok, thanx, I do understand that, but my point is, where I can put those "" in configuration files ? On a client side set BASE "" and in slapd.conf database bdb suffix "" rootdn "cn=admin" ? How persisly set config files (client, server) to search for all of those domains You listed. -- Pozdrowienia, kefast(a)o2.pl

2 1

olcSubordinate versus Chaining
by Warren Howard 14 Jul '12

14 Jul '12

Dear all, I'm setting up a replicated directory service, so far I have a single provider and a single consumer with Syncrepl in refreshOnly mode. The consumer is a complete shadow copy of the provider, ldap clients can read from the consumer but not write to the consumer because it is a shadow copy. Next I would like "refer" ldap clients that wish to write to the consumer to the provider. Based on the notes here : http://www.openldap.org/doc/admin24/referrals.html, I would like to how to do this by using the olcSubordinate keyword. I've read the olcSubordinate section in slapd-config man page and I don't see a way forward and I'm not even sure that using olcSubordinate is the correct approach, since the steps described in http://www.openldap.org/doc/admin24/overlays.html#Chaining appear more relevant to set up I'm attempting. Any guidance much appreciated. Regards, Warren.

3 3

modifying network timeout behavior of ldap clients
by Ryan Palamara 14 Jul '12

14 Jul '12

I am running several CentOS servers that have 2 ldap servers defined. I would like to modify the ldap network timeout, so that if the first ldap server listed goes down entirely, that it will go to the next server quickly. I know that the setting will be LDAP_OPT_NETWORK_TIMEOUT, but I am not sure when this change is made. Can this be done in the ldap.conf file, or is it done elsewhere? Thank you, Ryan Palamara ZAIS Group, LLC 2 Bridge Avenue, Suite 322 Red Bank, New Jersey 07701 Phone: (732) 450-7444 Ryan.palamara(a)zaisgroup.com<mailto:Ryan.palamara@zaisgroup.com> ________________________________ This e-mail message is intended only for the named recipient(s) above. It may contain confidential information. If you are not the intended recipient you are hereby notified that any dissemination, distribution or copying of this e-mail and any attachment(s) is strictly prohibited. If you have received this e-mail in error, please immediately notify the sender by replying to this e-mail and delete the message and any attachment(s) from your system. Thank you. This is not an offer (or solicitation of an offer) to buy/sell the securities/instruments mentioned or an official confirmation. This is not research and is not from ZAIS Group but it may refer to a research analyst/research report. Unless indicated, these views are the author's and may differ from those of ZAIS Group research or others in the Firm. We do not represent this is accurate or complete and we may not update this. Past performance is not indicative of future returns. IRS CIRCULAR 230 NOTICE:. To comply with requirements imposed by the IRS, we inform you that any U.S. federal tax advice contained herein (including any attachments), unless specifically stated otherwise, is not intended or written to be used, and cannot be used, for the purpose of (i) avoiding penalties under the Internal Revenue Code or (ii) promoting, marketing or recommending any transaction or matter addressed herein to another party. Each taxpayer should seek advice based on the taxpayer's particular circumstances from an independent tax advisor. "ZAIS", "ZAIS Group" and "ZAIS Solutions" are trademarks of ZAIS Group, LLC.

2 2

Re[6]: Searching few domains for one uid
by kefast＠o2.pl 14 Jul '12

14 Jul '12

> --On Thursday, July 12, 2012 11:16 AM +0200 kefast(a)o2.pl wrote: >> >> I've got 3 databases on a server >> dc=a,dc=com >> dc=b,dc=com,dc=de >> dc=c,dc=com,dc=fr >> >> When on a client side a pointed BASE "" >> the server says: >> slapd[13330]: do_search: invalid dn ("") >> >> Should I reconfigure my database maybe and set dn to "" ? >> If yes how should the root dn look like ? >> dn: "" >> dc: "" >> objectClass: top >> objectClass: domain >> structuralObjectClass: domain > The easiest thing to do is to create a single database, with a root of "". > You don't need to create an entry for "" itself, as it is inherent to the > openldap directory server. > First entry would (in your case) likely be for dn: dc=com > dn: dc=com > objectClass: organization > objectClass: dcObject > o: com domain > dc: com > --Quanah > -- > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration But in my case not all of my domains finishs on .com in the end. So beside a.com I've got b.com.de and b.com.fr, so in that case I'm not sure the root "com" would do, so maybe making root as .corp and then a.com.corp, b.com.de.corp, c.com.fr.corp. And one more think, is that statement which combines all parts of a domain in one dc would be ok ? dn="ou=People,dc=b.com.de,dc=corp" Would't it spoil something ? -- Pozdrowienia, kefast(a)o2.pl

2 1

Re[4]: Searching few domains for one uid
by kefast＠o2.pl 13 Jul '12

13 Jul '12

Witaj Quanah, W Twoim liście datowanym 12 lipca 2012 (10:58:52) można przeczytać: > --On Thursday, July 12, 2012 10:55 AM +0200 kefast(a)o2.pl wrote: >> >> Thanx for Your response, and I'm sorry, cause I didn't catch that. >> Do You mean I should set var in ldap.conf on a client to >> BASE "dc=a,dc=com dc=b,dc=com,dc=de dc=c,dc=com,dc=fr" ? > Please keep your reply on the list. > You should use a base of "", which is the root base. On your LDAP server > too. Then everything is stored under "", and any search of "" for uid will > return all entries below it. > If this was a file system, "" would be equivalent to / > --Quanah > -- > Quanah Gibson-Mount > Sr. Member of Technical Staff > Zimbra, Inc > A Division of VMware, Inc. > -------------------- > Zimbra :: the leader in open source messaging and collaboration I've got 3 databases on a server dc=a,dc=com dc=b,dc=com,dc=de dc=c,dc=com,dc=fr When on a client side a pointed BASE "" the server says: slapd[13330]: do_search: invalid dn ("") Should I reconfigure my database maybe and set dn to "" ? If yes how should the root dn look like ? dn: "" dc: "" objectClass: top objectClass: domain structuralObjectClass: domain -- Pozdrowienia, kefast(a)o2.pl

2 1

Binlogs Growing umlimited
by Thomas Spycher 12 Jul '12

12 Jul '12

Hi We are maintaining a huge LDAP Directory with x thousands records. This OpenLDAP instance is only for load and performance tests of our software. I've recently noticed that the bin logs of the bdb backend are growing nearly unlimited. (The LDAP Server gets replicated to an other one in an active/passive cluster). To gain the "wasted" space back, we're writing the bin logs back to to the main database every 24 hours. Now we are faced with an ldap server which can only read from its database. After an restart of the server everything works as expected but the same happens again irregularly... My Questions are: 1. what could happen with the server, which makes it only being able to read of its own db? 2. why are the bin logs are growing so dramatically? Thanks for any help Tom

2 1

Re: Re[2]: Searching few domains for one uid
by Quanah Gibson-Mount 12 Jul '12

12 Jul '12

--On Thursday, July 12, 2012 10:55 AM +0200 kefast(a)o2.pl wrote: > > Thanx for Your response, and I'm sorry, cause I didn't catch that. > Do You mean I should set var in ldap.conf on a client to > BASE "dc=a,dc=com dc=b,dc=com,dc=de dc=c,dc=com,dc=fr" ? Please keep your reply on the list. You should use a base of "", which is the root base. On your LDAP server too. Then everything is stored under "", and any search of "" for uid will return all entries below it. If this was a file system, "" would be equivalent to / --Quanah -- Quanah Gibson-Mount Sr. Member of Technical Staff Zimbra, Inc A Division of VMware, Inc. -------------------- Zimbra :: the leader in open source messaging and collaboration

1 0

Searching few domains for one uid
by kefast＠o2.pl 12 Jul '12

12 Jul '12

Hello, I've got 3 domains (departments), for egzample: a.com b.com.de c.com.fr and each of them has it's own posixAccount users (moved from nis). I want every user in each department to be albe to login with his credencials, localized under people.$(domainname) to machines under all domains, but as far as I know, You cant search for uid or anyting else in more then one domain, cause a BASE attrib in ldap.conf accept only one search base. Is the only way to do this is change the schema to: a.com.corp b.com.de.corp c.com.fr.corp and set the search base to dc=corp ? I've also read about setting base to config and put it there. -- Pozdrowienia, kefast(a)o2.pl

2 1

RE: Setting up multiple proxies on openldap 2.4.23
by Bhargav Mistry 11 Jul '12

11 Jul '12

Gentle bump ! From: Bhargav Mistry Sent: Friday, July 06, 2012 6:43 PM To: openldap-technical(a)openldap.org Subject: Setting up multiple proxies on openldap 2.4.23 Hi, I am trying to configure multiple proxy so that the ldap master can push data to more than one proxy servers. My olcDatabase={3}ldap.ldif file looks like this: dn: olcDatabase={3}ldap objectClass: olcDatabaseConfig objectClass: olcLDAPConfig olcDatabase: {3}ldap olcHidden: TRUE olcSuffix: dc=amdocs,dc=com olcRootDN: cn=ldap,dc=amdocs,dc=com olcSyncUseSubentry: FALSE olcMonitoring: TRUE structuralObjectClass: olcLDAPConfig entryUUID: c7d2672e-5c10-1031-9a08-0f8186de202c creatorsName: cn=config createTimestamp: 20120706234807Z olcSyncrepl:: <syncrepl entry here> olcDbACLBind: bindmethod=simple timeout=0 network-timeout=0 binddn="cn=Manager ,dc=something,dc=com" credentials="secret" olcDbURI: ldap://proxy-1.server.com entryCSN: 20120707001006.061485Z#000000#001#000000 modifiersName: cn=config modifyTimestamp: 20120707001006Z With this configuration it is currently pushing only to proxy-1.server.com, how do I add more than one olcDbURI values so that it can push to multiple servers? Thanks. Bhargav. This message and the information contained herein is proprietary and confidential and subject to the Amdocs policy statement, you may review at http://www.amdocs.com/email_disclaimer.asp

1 0

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

openldap-technical July 2012